Bitcoin Archives | FULMO Blog

Bitcoin LightningATM – Pocket Edition construction guide

August 5, 2022August 5, 2022
by Tim

The LightningATM is a fully functional Bitcoin ATM and demonstrates the power of the Bitcoin Lightning Network. It accepts Fiat-Coins and gives you back precious Satoshis (SATS). Thanks to Lightning even small amounts can be exchanged with near-zerofees. The LightningATM is the perfect Showcase on every Meetup, Conference, or in your Office to onboard more people in a fun way to Bitcoin.

In this guide, we put together our knowledge and give you a guide to assemble the LightningATM construction set which you maybe bought in our shop. But even if you purchasedall the parts by yourself the guide should be helpful. Besides our documentation,you find excellent tutorials and videos on the official Bitcoin LightningATM wiki and in our first guide. If you prefer to have a tutorial in german I can highly recommend the great tutorial at Ereignishorizont.

This guide is divided into five sections:

overview LightningATM hardware components
hardware assembly guide
Software setup LightningATM
Software setup lntxbot
your first exchange

Important: All the hardware assembly and software setup/usage you are doing at your own risk!

LightningATM hardware components

Before you can put together the different hardware components you should haveat least the following tools for the proper construction of the ATM at hand:

small screwdriver
voltmeter
one insulated plier (alternative: sharp knife)
soldering iron (optional)

If you don’t have a voltmeter at hand maybe ask in a hacking space near you before you purchase one, they should have one. You need the voltmeter just to tune thevoltage transformer once.

All the parts you need for the ATM are the following:

3D printed case
Coin Acceptor
Raspberry Pi Zero
Jumper Cables
Power Converter
ePaper – Display
Micro USB Cable
Micro SD Card
Screws

We recommend using the Version 2 of the Waveshare 2.13inch display. Otherwise, you can face problems in running the demos from Waveshare library and the ATM software itself. Please check the back of the display for a “V2” sticker.

When you have all parts together let’s get our hands dirty and let’s assemble the components.

Hardware assembly

Micro USB Cable

Let’s start with the preparation of the Micro USB Cable. With some luck, you got already the Micro USB / USB Type-A version with open wires. Lucky peep, no work for you. If you got one complete Micro USB / USB Type-A cable you have to cut it in half. The cable with the Micro USB head should be around 12 cm.

You have to uncover the electrical conductors and can also remove the data conductors (green and white) from the cable if you want. For the best possible result and to have it easier for the connection with the power converter, you should solder the conductors. But no worries if you haven’t a soldering iron you can just twist the conductors and bring them in shape.

Prepare the power converter

If you have your UBS-Cable prepared you can now connect it to the IN ports of the power converter. The black cable has to be connectedto IN(-) and the red cable to IN(+). If the cable is connected to the converter you have to adjust the resistor to get the proper poweron the outgoing connections of the converter.

CAUTION! IN THE NEXT STEP!

The converter could have high voltage on the OUT ports.

Connect the USB-Cable head to a power bank or 5V battery and put the voltmeter at the OUT(-) and OUT(+). Now adjust the little golden screw as long as you have 12,1V on the voltmeter. You must have exactly 12,1V. If the voltage is too high, you could destroy the coin acceptor. Remove the voltmeter from the OUT port and add two jumper cables to it.

Prepare the coin acceptor

Now you can connect the jumper cables with the coin acceptor. The red jumper cable goes to DC12V and the black jumper cable goes to GND.

Configure and teach the coin acceptor

When you finished the previous steps your setup should now look something like this, except for the power supply:

Now it’s time to configure the coin acceptor.

If you prefer a more visual guide for the configuration and for the teaching of the coin acceptor you should check out the following video from 21isenough: https://youtu.be/14JfEhNSdZE?t=1413

Following the steps for the configuration.

Set the two step switch on the coin acceptor to “NO”
Set the three step switch to “Medium”
Press and hold the ADD and MINUS button at the same time until A appears in the display
Press the SET key and hold it for a short time, then E appears in the display. This indicates that you are now in the menu for the number of different coin types
Use ADD (or MINUS) to set the number of coins to 6 (coins = 5 cents to 2 euros) and press SET
Now the display shows H1 (for first coin) and the first of 6 LEDs should be active
Now indicate how often the coin should be inserted for calibration. Set to 20 with ADD (or MINUS) and press SET
The display now shows P1 for further settings of coin 1 and you can define the output signal 5 cents = 2 pulses / 10 cents = 3 pulses / 20 cents = 4 pulses / 50 cents = 5 pulses / 10 euros = 6 pulses / 2 euros = 7 pulses
Set with ADD (or MINUS) to 2 pulses (for 5 cents) and then press SET
The last thing on the display is F1, which stands for the accuracy of the coin detection. The value 8 worked well
Use ADD (or MINUS) to set to 8 and then press SET
The parameterization for the first coin is now done and the next 5 coins must follow
Now the second LED is on and the display shows H2
Repeat the same steps for the second coin up to 6 coins
If all coins are set, all LEDs flash briefly to confirm and the display shows A again
After a short time the display shows 0 (zero) again

If the steps were successful you can calibrate now the coin acceptor.

Press the SET key twice
The first LED light and A1 appears in the display
Now insert the first coin (5 cents) 20 times.
It is recommended to use as many different coins of the same type as possible
After all that the LEDs will flash and the display will show A2
Repeat the procedure for the remaining coins
All LEDs flash again briefly for confirmation and the display shows 0 again

Now the coin acceptor is ready.

Prepare the display

The next step is the preparation of the display. If you have any issues with the display or later problems with the software for the display you should check out the official Waveshare Issue-Tracker and the official documentation.

First, you mount the e-Paper display to the e-Paper-Adapter. Be careful, the e-Paper display is very fragile. The next step is to connect the e-Paper-Adapter to the e-Paper-HAT with the flat white cable. The third step is to connect the 8 cables from the e-Paper-HAT to the Raspberry Pi Zero. For the wiring, details have a look at the great plan from Axel Hamburch:

Connect the Raspberry Pi Zero with the Coin Accepetor

For further details look at the detailed wiring plan:

At that point your hardware is ready and you can go to the software setup. Before you put everything into the case I recommend first to setup the software. It’s easier to do debugging outside of the case.

Setup the LightningATM

Install the ATM software

You can find further explanations at the official ATM documentation.

Download the Raspbian ATM Image
Flash the Image to the SD Card with balenaEtcher
Remove and add the SD Card again to your computer
In the mounted SD Card add one file to the /boot folder on the flashed SD Card
Create “wpa_supplicant.conf” file and add your Wifi credentials

The configuration file should look like:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
	ssid="Home"
	scan_ssid=1
	psk="XXXXXXXXXXXX"
	id_str="Home"
}

Remove the SD Card from your computer and put the card in the Pi Zero.Turn on the Raspberry Pi now and wait a bit. In the meantime check atyour local router which IP address was assigned to the Zero. To makethings easy in the future let the router always assign the same IPaddress to the Pi.
Go to a terminal application on your computer and remotely access yourPi. For example the “Terminal” on macOS or Windows via the SSH-Client”PuTTY”.

Login to your Zero with the IP and the user “pi” for example “pi@192.168.xxx.xxx”
Confirm to add the ECDSA key fingerprint with “yes”
Login with the default password “raspberry”
Change the default password of the user “pi” to a new password with “passwd”. CAUTION: you have to remember the password for the future. Best, put it directly into a Password-Manager
Upgrade the Pi Zero to the newest software version

$ sudo apt update && sudo apt upgrade

It takes some time but doesn’t skip the step because you will also get security patches with an update.

Now you can install “clone” the current version of the LightningATM Software:

$ git clone https://github.com/21isenough/LightningATM.git
$ cd LightningATM
$ pip3 install -r requirements.txt

In the process, the Pi will reboot and you have to log in again with the credentials you set earlier.

Install the display drivers

First you have to install the Waveshare Python display driver.
Execute the following commands:

$ cd ~
$ git clone https://github.com/waveshare/e-Paper
$ cd ~/e-Paper/RaspberryPi*/python
$ sudo python3 setup.py install

If you want to test for the correct installation and correct wiring of your display you can use the example programs included in the cloned project.

CAUTION: Before running the display test make sure that your e-Paper-HAT switches (little jumpers) are set to A and 0.

$ cd ~
$ cd e-Paper/RaspberryPi_JetsonNano/python/examples/
$ sudo python3 ./epd_2in13_V2_test.py

CAUTION: If you have a different display version (little sticker on the e-Paper display back) than “V2”, you have to adjust the test program accordingly.

If you have problems getting the demo running you find more help in the Waveshare Issue tracker.

If everything works fine you can initialize the ATM software. With the first startup of the ATM, the “config.ini” will be created.

Execute the following commands:

$ cd ~/LightningATM/
$ ./app.py

This will lead to an error like “No display configuration matched”. That’s why we have to adjust the “config.ini” now.

$ cd ~
$ nano ~/.lightningATM/config.ini

When the file is open, change the “display” variable to “waveshare2in13v2”.

# Define what screen you are using with the ATM
# Current options are:
# display = papiruszero2in
# display = waveshare2in13
display = waveshare2in13v2

You can save your changes now and close the file for now.

Setup lntxbot

To get Bitcoin for the dirty fiat coins to have to define an exchange endpoint. To keep things easier we concentrated on the Telegram-Bot called lntxbot. You could do the same with a BTCPay Server endpoint.

Open the “config.ini” file and do the following adjustments.
Set the wallet to the lntxbot.

activewallet = lntxbot

Now you can add your credentials for the bot:

[lntxbot]
url = https://lntxbot.com
creds = YOUR_LNTXBOT_CREDENTIALS

In your lntxbot you can get your credentials with the following command:

/lightningatm

The output should be similar to:

You can save the file now.

First exchange

If the previous steps all succeeded you can test your first exchange with the ATM.

$ cd ~/LightningATM/
$ ./app.py

You should see now the welcome message from the ATM and can insert the first coins.After some time the display should print that beautiful invoice which you canscan in your wallet.

Congratulations! You made your first transaction with the Pocket ATM. Now spread the word and showcase the ATM on the next community meetup.

May the Bitcoin be with you!

Regulatory attention on Bitcoin & privacy techniques to counter

May 31, 2021May 31, 2021
by @_pretyflaco

Attention is both a curse and a blessing. On the one hand, almost every Bitcoiner wants more adoption and welcomes any coverage that might attract one or two new users to Bitcoin. After all, the peaceful revolution to separate money and state can only succeed if more people join it. On the other hand, not all attention is equally helpful. When Wikileaks started accepting Bitcoin donations, Satoshi was concerned about the attention given to Bitcoin in 2011 and disappeared a short time later with the following penultimate words:

“WikiLeaks has kicked the hornet’s nest, and the swarm is headed towards us.”
Satoshi Nakamoto

Today we know that the hornets went after Wikileaks (and continue to do so to this day). Bitcoin however, went on a honeymoon phase in which the network grew to a sizable strength with millions of users and institutional investors piling in. But this honeymoon phase is bound to end eventually.

In this article we will outline how increased attention to Bitcoin and accompanying regulation plans are creating an environment that is detrimental to user’s rights to financial privacy, and which Bitcoin tools to mitigate are available today.

While governments may accept that Bitcoin isn’t going away, it is extremely unlikely that they will embrace its Cypherpunk qualities of censorship resistance, financial privacy and inclusivity. More likely, they will exhaust all means to regulate the ecosystem in ways that aim to dilute Bitcoin’s censorship-resistance and put the financial privacy of Bitcoin users at risk.

Efforts to this end are already underway. The emergence of mining pools with blacklists that only want to accept compliant transactions into blocks gives an idea of how an attack on censorship-resistance could play out.

Playing right into this, are regulatory efforts, such as the recently published Financial Action Task Force draft (summary). It aims to undermine the pseudonymity of Bitcoin addresses with even broader collection of KYC data. What these regulatory domestication attempts have in common is that they attempt to exploit the public nature of the Bitcoin timechain by augmenting it with toxic honeypots of personal data.

Surveillance companies are enemies of a free society

Centralized service providers in the Bitcoin ecosystem are obliged to conform to AML / KYC regulations on a “best effort” basis and by implementing “reasonable procedures” to prevent money laundering.

Screenshot from https://support.bitvavo.com/l/en/article/icy22n424p-transaction-monitoring

The uncertainty about what “best effort” and “reasonable” exactly means is creating an environment where service providers are susceptible to the marketing of surveillance companies. These are positioning themselves as the silver bullet to regulatory compliance and consulting the service providers on “risk management” in ways that are overreaching and pre-compliant. Several companies with big marketing budgets have specialized in this kind of surveillance activity and built a business around selling on-chain snooping software and data.

Bitcoin is not anonymous, at least not by current majority default usage. The Bitcoin timechain is an open, transparent, pseudonymous public ledger accessible for anyone. It doesn’t contain any real world personal identity data, but the way Bitcoin is currently transacted by the majority of users makes it possible for observers to trace transactions and cluster addresses to entities. Should one of the addresses from a clustered entity make a transaction to a KYC exchange, the entire cluster, with all of its balances and transaction history, can be tied to a real world identity. Augmented with metadata acquired by KYC services, transactions and addresses can be mapped to identities, turning the pseudonymous timechain to a database of who owns what and who paid who. This is highly dangerous. With the latest big data analysis software, a government could sift through bulk financial data to create profiles of users, enforce a police state or engage in social engineering; criminals could seek out wealthy victims to target, companies could snoop on their employees spending behavior.

“No one shall be subjected to arbitrary interference with his privacy”

Universal Declaration of Human Rights

Privacy is a fundamental human right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built. If intrusive surveillance companies are allowed to continue their malpractices with further adoption of Bitcoin, this could become a threat to personal safety, human dignity, the operation of a free market and ultimately, a free society.

“The way rights work is, the government has to justify its intrusion into your rights.”

Edward Snowden

Edward Snowden’s revelations have demonstrated that the right to privacy is not something humans can trust their governments to enforce. Weighed up against international terrorism, human rights have always drawn the short straw. The direction that international regulations led by FATF are headed prove once again that users cannot rely on institutions to protect their rights, that corporations and regulators cannot be trusted to safeguard the human right to privacy.

“We must defend our own privacy if we expect to have any.”

Eric Hughes

Bitcoiners know that freedom is fought for and earned. Consequently, users need to take matters into their own hands and arm themselves with defensive technology and best practices to safeguard their privacy with free code. On paper, privacy is a human right. But in reality, it’s a human fight against ever more data and control obsessed corporations and authorities.

Discovery of Coinjoin

While traditional banking provides a fair amount of privacy by making identities and their transactions only known to the trusted third party, Bitcoin inherently separates identities from transactions which are public.

The data applied by surveillance companies and KYC exchanges aims to abolish the identity-transaction separation. To this end, they cluster addresses using the common input ownership heuristic, which is the assumption that if a transaction has more than one input then all those inputs are owned by the same entity. As of early 2021, very commonly this assumption is true, which is why surveillance companies can apply it successfully.

Thankfully, Satoshi designed Bitcoin in a way that the protocol holds solutions against surveillance attacks. Heuristics can only be meaningfully applied if they hold true significantly more often than not. When the number of false positives exceeds a certain threshold, the heuristic becomes unusable. In Bitcoin, this can be achieved by changing the way that users create transactions. The blueprint for this change was laid out by Gregory Maxwell in two BitcoinTalk posts (here & here).

“This message describes a transaction style Bitcoin users can use to dramatically improve their privacy which I’ve been calling CoinJoin.”

Gregory Maxwell

In 2013, Maxwell proposed Coinjoin, a way of transacting Bitcoin that makes it difficult for observers to determine who paid who and which output belongs to whom. To that end, multiple spenders coordinate to combine multiple inputs into a single transaction. This happens completely trustless, meaning users always keep custody of their bitcoin and do not have to trust a third party.

Herein lies a key difference to custodial mixing services or tumblers, where users must trust that the third party they sent their bitcoin to is honest and sends another party’s coins back as agreed.

But even if the mixing service is well-intentioned and they send someone else’s coins, the coin’s history will remain attached to it, now traceable to the new owner.

In comparison with mixing services, Coinjoin is therefore clearly superior as it is more akin to melting many inputs to brand-new outputs, with each of their histories detached.

Lastly, no party must take custody of any other party’s coins and run the legal risk of being classified a money transmitter or virtual asset service provider – a classification that introduces the regulatory burden of being obliged to collect personal data and employ the above mentioned “best effort” to comply with AML laws.

Coinjoin transcations have been possible since day 1 of the protocol, but were limited due to their complexity, and only used by a few who understood the craft of rolling up transactions. However, there has always been a consensus that this type of transaction should be made easily accessible to a larger number of users as Bitcoin adoption progresses.

A bounty pool with the purpose of promoting research and development for Coinjoin (currently holding 30 BTC) attracted numerous developers to this task, and shortly thereafter, the first privacy-focused wallets emerged. In recent years, usability has steadily improved and Coinjoin has ousted custodial mixing services, establishing itself as the go-to technique in the best-practice repertoire of privacy-conscious users. The implementations most broadly in use are currently Joinmarket, Wasabi Wallet and Samourai Whirlpool (overview). All three enable users to coordinate equal-output Coinjoins to break links to transaction history and increase the fungibility of their bitcoin.

However, the increase in use of Coinjoins has caused a dystopic reaction from exchanges advised by surveillance companies. Since late 2019, there have been reports of exchanges creating friction for users who used Coinjoin, hassling them with questions about the source of funds, the reason for Coinjoin usage and demanding other accounts.

Coinjoins can reliably obfuscate the transaction history, but it is possible for an observer to identify that a specific output was involved in a Coinjoin by the multiparty equal-output transaction visible on-chain.

There is no specific legal requirement in any jurisdiction to flag Coinjoin use or deny service to Coinjoin UTXOs. It is simply more convenient for legislators to enact vague regulations and keep the ecosystem guessing. This way, virtual asset service providers have to anticipate what might be against the law and, in order to minimize the risk of license revocation, implement much more restrictive policies.

“We completed our compliance review and determined to ban your account with Paxful as it’s beyond our risk-appetite. We understand your privacy concerns, but the substantial amount of funds from the Wasabi wallet is high-risk for Paxful.”

Paxful

If a legislator were to attempt to define when a Coinjoin transaction should be rejected, it would have to answer the question of how many hops must be between a supposedly sanctionable transaction and its transfer to a regulated exchange for the exchange to be allowed to service it or not. However, once such a definition takes place, everyone would know how many hops it would take to fall off the grid. Regulation would therefore be tantamount to an instruction to circumvent that very regulation. By keeping the rules vague, the legislator conveniently avoids this situation at the cost of blameless users, who, stigmatized for the use of best practices, find it more difficult to secure their right to personal data protection.

“For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good.”

Eric Hughes

At this point, it must be noted that privacy coins like Monero are in no way better off than Bitcoin transactions in this regard. According to the (flawed) logic applied for Coinjoin flagging, every Monero transaction would be flagged as conspicuous. After all, the problem is not a technical one, but a social one. The only way out of this mess is to collectively honor the need for financial privacy and stop playing with those, who don’t.

Make every spend a potential Payjoin

Another very promising tool in the fight for on-chain privacy is Payjoin. It is a special type of Coinjoin transaction between two parties where one party pays the other. The major benefit of a Payjoin transaction is that it is indistinguishable from regular transactions that surveillance companies apply the common-input ownership heuristic on, but in the case of Payjoin, the heuristic fails.

Screenshot of Payjoin transaction menu from JoinInBox GUI for Joinmarket on Raspiblitz

In a regular transaction surveillance companies assume that all inputs belong to the payer and cluster the sending addresses to the same entity. But this assumption is broken with a Payjoin, because here one input belongs to the payee. Since it is impossible to differentiate Payjoin transactions from regular transactions with multiple inputs, also called steganographic transactions, the most powerful heuristic employed by surveillance companies to deanonymize users is broken and becomes unusable if adopted more broadly.

Here, adoption doesn’t necessarily mean that users actually use Payjoin for every transaction – for the common-input ownership heuristic to become unusable it would theoretically be sufficient that enough wallets implement this feature in a way that it becomes probable that users could have potentially used it. If enough wallets adopt Payjoin, surveillance companies are forced to adjust the success probability of their heuristics to a degree that interpretation becomes ambiguous.

The Bitcoin Wiki has a site that tracks adoption of Payjoin in wallets. Driving adoption for Payjoin is a particularly low-hanging fruit for more on-chain privacy as it doesn’t require that everyone uses it for everyone to profit from it.

Software Wallets with Payjoin Support, Screenshot from https://en.bitcoin.it/wiki/PayJoin_adoption

Censorship-resistance is Bitcoin’s most important property that many other fundamental properties directly rely on, but censorship-resistance itself relies partly on fungibility. Breaking the common-input ownership heuristic would be a crucial win for more fungibility in Bitcoin, and consequently for all other Cypherpunk properties. Payjoin adoption made a big step forward when JoinMarket and BTCPayServer implemented it. If only a few more would follow, on-chain privacy could benefit asymmetrically.

Of course, the mere presence of the Payjoin option in wallets does not entirely suffice. It also needs to be used. In the next article we will therefore guide you through the process of setting up Payjoin as a BTCPayServer merchant and how, as a customer, you can Payjoin with JoinMarket.

Written by @_pretyflaco, thanks go out to @HillebrandMax and @fulmolightning for input and advice. Featured image from https://en.bitcoinwiki.org/index.php?curid=271660